data asset managementAs data becomes more and more valuable, data breaches are becoming both more common and more costly for businesses who store confidential or identifying data on the cloud.

In 2019, data breaches exposed hundreds of millions user records — if not billions. The companies affected responded in different ways — some better than others. Each response provided lessons for cyber security professionals.

Here’s a breakdown of some of the biggest breaches from 2019 — and what security professionals can learn from them.

Houzz: 48.9 million records

Home improvement website Houzz was the victim of the first high-profile data breach of the year back in January.

Houzz’s response to the breach was pretty superb — to the point that Pieter Arntz, a malware intelligence researcher at Malwarebytes, lauded their actions in a post on the company’s blog.

Rather than wait until the investigation was completed, Houzz informed customers about the breach as soon as they had identified what information was stolen. Houzz also promised security upgrades but kept the specifics of their plans vague — giving hackers as little information as possible about their current vulnerabilities.

Because Houzz also encrypted the user passwords they stored, it’s unlikely hackers were able to use those passwords after the breach.

Capital One: 100 million records

In August, more than 100 million records were exposed by a single hacker after she was able to gain insider access to Capital One’s servers.

Thanks to a combination of sources close to Capital One — and the hacker’s own documentation of the breach — we know that the hacker was able to gain access to Capital One’s servers due to a misconfiguration of the company’s firewall.

Evan Johnson, manager of Cloudflare’s product security team, wrote a column that breaks down how the attack happened and how it can be prevented in the future. Johnson came to the conclusion that Amazon’s security tools were incomplete, and an upgrade could prevent similar attacks in the future.

In November, AWS pushed an upgrade that should provide a better defense against attacks like those used against Capital One. Cyber security professionals should probably read both Johnson’s breakdown and how Amazon responded. Read together, the two can help professionals understand how these vulnerabilities are created and how IT and security teams can defend against them at the enterprise level.

Dubsmash: 161.5 million records

In February, the developers of video messaging app Dubsmash announced that nearly 162 million user records had been exposed in a data breach.

While most of the records were stolen in 2018, the company only responded after the records were put up for sale on the dark web. In a notice sent to customers, the company urged customers to change their passwords immediately.

The company’s response could have easily been more proactive. With the right security controls and practices in place, it’s possible for a company to learn of unauthorized access and inform customers before their data is being sold.

Facebook: 540 Million Records (at Least)

At least 540 million Facebook user records were exposed in March. The records were exposed when two third-party app developers left them unsecured on Amazon cloud services. Facebook’s policies prohibit third-party developers from storing records in this way, but the policy alone wasn’t enough to keep those records secure.

Facebook responded by suspending several app developers who improperly restored user data — the company’s actions were more reactive than proactive.

The takeaway for security professionals? Properly vet third-party services who have access to your data and restrict network access when possible.

Protecting Data in 2020

It’s likely that data breaches will only become more common in the future — which means that cyber security professionals will need to be more prepared than ever in 2020.

The responses to this year’s biggest data breaches demonstrate that a good response to a data breach is both technical and personal. In the wake of a breach, businesses need to identify and patching vulnerabilities while also responding to customers and dealing with possible third-party sources for a breach.